Forum Discussion
smp_86112
Cirrostratus
Jul 01, 2010
SSL Decryption with Wireshark - Cached Certificate?
I know it is possible to decrypt an HTTPS conversation between a client and a virtual server with Wireshark - I've done it before by specifying a couple of parameters in the SSL protocol preferences (...
hoolio
Cirrostratus
Jul 04, 2010
Hi SMP,
As you say, in order for the SSL decryption to work, you have to capture the initial handshake. If you have control over the client, it would be better to clear the SSL cache on the client versus LTM. This will force the client to negotiate a new SSL session. Your decryption should then succeed. In IE, you can go to Tools | Options | Content | Clear SSL state. For Firefox, I think it's active logins that you can clear using Ctrl+Shift+Delete.
If you don't have control over the client, I think a 'b load' will clear the SSL cache on LTM. It would be a significant hit if you prevented LTM from caching SSL sessions, as I believe the initial SSL handshake is the most computationally expensive operation in the SSL conversation. If you still wanted to do this, I think you could set the client SSL profile's cache size to 0 sessions.
Aaron
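To check whether a capture holds a full handshake or a resumed one (the case where decryption fails), compare the session IDs in the ClientHello and ServerHello. This is an added example, not part of the original posts; it assumes SSLv3 through TLS 1.2 session-ID resumption and reassembled per-direction byte streams, and all function names and sample records are constructed for illustration.

```python
import struct

HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 0x16, 1, 2

def first_hello_sid(stream: bytes, want: int):
    """Session ID of the first hello of type `want` in one direction's
    reassembled TLS byte stream, or None if absent or malformed."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _ver, rlen = struct.unpack_from("!BHH", stream, pos)
        frag = stream[pos + 5 : pos + 5 + rlen]
        pos += 5 + rlen
        if ctype == HANDSHAKE and len(frag) >= 39 and frag[0] == want:
            # 4-byte handshake header + version(2) + random(32) = offset 38
            sid_len = frag[38]
            if sid_len > 32 or len(frag) < 39 + sid_len:
                return None
            return frag[39 : 39 + sid_len]
    return None

def is_resumed(client_stream: bytes, server_stream: bytes) -> bool:
    """True when the server echoed a non-empty session ID the client offered,
    i.e. an abbreviated handshake with no key exchange to decrypt from."""
    offered = first_hello_sid(client_stream, CLIENT_HELLO)
    chosen = first_hello_sid(server_stream, SERVER_HELLO)
    return bool(offered) and offered == chosen

def make_hello(msg_type: int, sid: bytes, tail: bytes) -> bytes:
    """Build a constructed sample hello record (TLS 1.0, all-zero random)."""
    body = b"\x03\x01" + bytes(32) + bytes([len(sid)]) + sid + tail
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(hs)) + hs

# Constructed sample data, not taken from a real capture.
SID = bytes(range(32))
CH_TAIL = b"\x00\x02\x00\x2f\x01\x00"  # one cipher suite, null compression
SH_TAIL = b"\x00\x2f\x00"              # chosen suite, null compression
FULL = (make_hello(CLIENT_HELLO, b"", CH_TAIL), make_hello(SERVER_HELLO, SID, SH_TAIL))
RESUMED = (make_hello(CLIENT_HELLO, SID, CH_TAIL), make_hello(SERVER_HELLO, SID, SH_TAIL))

if __name__ == "__main__":
    for name, (c, s) in (("full", FULL), ("resumed", RESUMED)):
        verdict = "resumed: clear client SSL state and recapture" if is_resumed(c, s) else "full handshake captured"
        print(f"{name}: {verdict}")
```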